Pages

Friday, 14 August 2015

Google Update Does Not Protect Against Stage Fright Leak

The update that Google has released the Critical Stage Fright flaw in Android does not work, say researchers from security firm Exodus Intelligence . However, Google will continue to roll out the faulty update, so let them know on their own blog. Through Stage Fright an attacker could install malicious apps on Android phones by just sending an MMS message.

On July 31, Jordan Gruskovnjak researcher claimed that there was a serious problem with the proposed patch of Google.Since the update itself had not yet been rolled out, the investigator could not confirm his suspicions. Last week, Google released the update finally out so Gruskovnjak could test whether the Stage Fright leak was indeed completely solved or not.Eventually he managed to create an MP4 file which the update could circumvent and to crash the device. The researcher warned Google on 7 August, but received no response.

Then Exodus Intelligence decided to publish details about the issue. The company states that they are probably not the only ones who have discovered that the update does not solve the problem entirely. In addition, would Stage Fright Detector app from Zimperium, the company that discovered the vulnerability, incorrectly indicate that users are safe, even if that is not the case. Meanwhile work Exodus Intelligence and Zimperium together to improve the detection of the app. However, Google still has not responded.